Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

April 7, 2023

Friday

Flipper Zero was prohibited by Amazon because it was a "card skimmer device."

The Flipper Zero portable multi-tool for pen testers is no longer available for purchase on Amazon as the company has designated it as a card-skimming device, prohibiting its sale on the platform.


The Flipper Zero is a lightweight, programmable, and portable pen-testing tool that may be used to experiment with and debug various digital and hardware devices via various protocols, including Bluetooth, RFID, radio, NFC, infrared, and others.


Since its release, users have demonstrated Flipper Zero’s skills, showing off its capacity to ring doorbells, carry out replay attacks to open garage doors and unlock cars, and clone a variety of digital keys.


According to letters distributed to vendors on Thursday night, Flipper Zero has now been blocked by Amazon on its site, designating it as a “restricted product.”


Card-skimming devices are featured on the Amazon Seller Central website in the restricted product category “Lock Picking & Theft Devices,” alongside key duplicating tools and theft tools like Sensormatic detachers.


Several links to previously accessible Amazon pages selling Flipper Zero tools are now broken and show “Sorry, we were unable to locate that page.” errors, while some describe it as “Unavailable. Please try searching or visit Amazon’s main page.”


UK criminal records office acknowledges site difficulties are caused by a cyber event

After putting off publishing a statement for weeks, the UK’s Criminal Records Office (ACRO) has now stated that the web portal troubles that have been occurring since January 17 are the consequence of a “cyber security incident.”

ACRO, the country's national law enforcement agency, is in charge of keeping track of criminal record data, delivering criminal records upon request, and exchanging criminal records with other countries.

Today's statement confirms the announcement ACRO made on March 21 that applications were no longer accessible through its online portal due to “critical website maintenance.”

The day before, it warned about considerable delays in issuing police certificates because “high requests” caused applications to take longer to process.

Since at least March 31, the website for ACRO has been inaccessible, with a notice stating that “technical problems” are to blame.

Customers must request police or international child protection certifications by email, and the organization will contact them later to collect payment.

The organization formally connected last month’s website maintenance to a cyber incident in a statement that was released earlier today on Twitter.

Microsoft files a lawsuit to stop cybercriminals from using the Cobalt Strike tool illegally.

In order to combat the misuse of Cobalt Strike by hackers to spread malware, including ransomware, Microsoft stated it collaborated with Fortra and the Health Information Sharing and Analysis Center (Health-ISAC).

In order to accomplish this, the tech giant’s Digital Crimes Unit (DCU) disclosed that it had obtained a court order in the United States to get rid of unlawful, legacy copies of Cobalt Strike so that cyber criminals could no longer use them.

Cobalt Strike, developed and maintained by Fortra (formerly HelpSystems), is a legitimate post-exploitation tool for simulating adversaries. Still, threat actors have transformed it into a weapon by employing cracked versions of the program over time.

After gaining initial access to a target environment, ransomware perpetrators in particular have used Cobalt Strike to elevate privileges, move laterally across the network, and introduce malware that encrypts files.

The ransomware families tied to or deployed by cracked versions of Cobalt Strike have been linked to more than 68 ransomware attacks targeting healthcare institutions in more than 19 different countries, according to Amy Hogan-Burney, general manager of DCU.

Hitachi, mySCADA, ICL, and Nexx Products Have Major ICS Flaws, According to CISA


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories describing serious issues affecting devices made by Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx.

The most serious vulnerability on the list is CVE-2022-3682 (CVSS score: 9.9), which affects Hitachi Energy’s MicroSCADA System Data Management SDM600 and potentially enables remote control of the device by an attacker.

The bug stems from a problem with file permission validation, which makes it possible for an attacker to submit a specially crafted message to the system and execute arbitrary code.

Hitachi Energy has issued SDM600 1.3.0.1339 to address the problem, which affects SDM600 versions earlier than version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291).

CVE-2023-28400, CVE-2023-28716, CVE-2023-28384, CVE-2023-29169, and CVE-2023-29150 (CVSS scores: 9.9) are a second group of five serious flaws related to command injection defects found in mySCADA myPRO versions 8.26.0 and earlier.

To mitigate potential hazards, users are advised to place control system networks behind firewalls, minimize network exposure, and separate them from corporate networks.

FBI issues a warning about businesses making money off of sextortion victims.

The FBI warns that sextortion victims are being targeted by for-profit businesses, allegedly involved in sextortion activities, that use a variety of fraudulent approaches to coerce them into paying for “help” services that nonprofit organizations and law enforcement offer without charge.

Sextortion is a form of online blackmail in which criminals trick potential victims into providing pornographic films or photographs by using phishing emails or fake social media identities.

Criminals frequently obtain access to the social media accounts or contact details of their victims in order to instill dread in them. With this access, they might intimidate the victims by telling them that their friends and family will receive the graphic material.

The FBI claimed in a public service broadcast that these businesses utilize a variety of tactics to coerce sextortion victims into paying high costs for their assistance, including threats, deception, and feeding the victims false information.

The FBI cautioned that for-profit businesses could profit from the victims’ desperation for help and any subsequent sentiments of fear or embarrassment.

The FBI says that the cease and desist orders these for-profit businesses offer, for a fee, to issue to the scammers’ accomplices are not legally enforceable.
